When it comes to credit card processing, security should be a top priority for all merchants. After all, a data breach can cost you and your business hundreds of thousands — if not millions — of dollars in financial losses, not to mention lost customers and damage to your reputation.
One of the best ways to protect yourself and your customers is to work with your merchant services provider to achieve and maintain PCI compliance.
PCI compliance refers to adherence to the requirements laid out in the Payment Card Industry Data Security Standard (PCI DSS), which began as five separate security programs, one run by each of the five major credit card brands. In 2004, the brands aligned their policies and PCI DSS was born. Its goal is to serve as a single information security standard that protects customer account data on a global basis.
Of course, in reality, no one is 100 percent safe from a data breach. But by following the PCI DSS procedures, you’ll be better prepared to secure your customers’ personal data, protect your business from financial losses and remediation costs and preserve your valuable reputation.
The standards laid out in the PCI DSS cover security management, policies, procedures, network architecture, software design and other protective measures. They apply to all merchants that accept, transmit or store any cardholder data, regardless of size, wealth or number of transactions. They include:
Build and maintain a secure network
- Install and maintain a firewall configuration to protect data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect cardholder data
- Protect stored data.
- Encrypt transmission of cardholder data and other sensitive information across open, public networks.
Maintain a vulnerability management program
- Use and regularly update anti-virus software.
- Develop and maintain secure systems and applications.
Implement strong access control measures
- Restrict access to data by business need-to-know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
Regularly monitor and test networks
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
Maintain an information security policy
To ensure that all credit card information is maintained in a secure environment, consult with your merchant services provider, who is also required to be PCI compliant.
PCI compliance may have additional costs associated with it, but the consequences of not abiding by the guidelines are even greater — potentially great enough to destroy your business, should a breach occur. Think of PCI compliance as an investment in your business and your future.
Bio: Beth Longware Duff is a professional editor and award-winning writer whose work on a wide variety of topics has been published in print and electronic media. She currently writes on a wide range of topics dealing with electronic payment processing for Merchant Express.